De CSRF a RCE: una visita web cuesta una shell en OpenYak
OpenYak v1.0.8 has been found to have critical security vulnerabilities that allow remote command execution. The application exposes a local API without authentication or proper validation, making it susceptible to attacks via malicious websites. A patch has been released in version 1.1.3 to address these issues.
- ▪OpenYak v1.0.8 runs a local server without authentication, allowing remote command execution.
- ▪A single visit to a malicious website can enable an attacker to execute arbitrary commands on the victim's machine.
- ▪The vulnerabilities stem from design flaws, including lack of authentication and improper request validation.
Opening excerpt (first ~120 words) tap to expand
try { if(localStorage) { let currentUser = localStorage.getItem('current_user'); if (currentUser) { currentUser = JSON.parse(currentUser); if (currentUser.id === 3769054) { document.getElementById('article-show-container').classList.add('current-user-is-article-author'); } } } } catch (e) { console.error(e); } arturo melgarejo Posted on May 21 De CSRF a RCE: una visita web cuesta una shell en OpenYak #cybersecurity #infosec #opensource #security OpenYak v1.0.8 arranca un servidor local en 127.0.0.1:19141 sin autenticación, sin validación de Origin y sin protección CSRF. Una sola visita a una web maliciosa basta para que un atacante remoto ejecute comandos arbitrarios en la máquina de la víctima a través del agente bash de la propia aplicación. Reportado al mantenedor, parcheado en v1.1.3.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at DEV.to (Top).
Discussion
0 commentsMore from DEV.to (Top)
